diff --git a/CVE-2021/CVE-2021-368xx/CVE-2021-36806.json b/CVE-2021/CVE-2021-368xx/CVE-2021-36806.json
new file mode 100644
index 00000000000..c59b540177a
--- /dev/null
+++ b/CVE-2021/CVE-2021-368xx/CVE-2021-36806.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2021-36806",
+ "sourceIdentifier": "security-alert@sophos.com",
+ "published": "2023-11-30T10:15:07.183",
+ "lastModified": "2023-11-30T10:15:07.183",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on \n\nSophos Email Appliance \n\nolder than version 4.5.3.4.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@sophos.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-alert@sophos.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://community.sophos.com/email-appliance/b/blog/posts/sophos-email-appliance-version-4-5-3-4-released",
+ "source": "security-alert@sophos.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42502.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42502.json
index 36b5b1daecf..5ec099e7a3e 100644
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42502.json
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42502.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42502",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-11-28T17:15:07.907",
- "lastModified": "2023-11-28T18:29:23.617",
+ "lastModified": "2023-11-30T09:15:07.123",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante autenticado con permiso para actualizar conjuntos de datos podr\u00eda cambiar el enlace de un conjunto de datos a un sitio que no es de confianza falsificando el encabezado del host HTTP; los usuarios podr\u00edan ser redirigidos a este sitio al hacer clic en ese conjunto de datos espec\u00edfico. Este problema afecta a las versiones de Apache Superset anteriores a la 3.0.0."
 }
 ],
 "metrics": {
@@ -47,10 +51,6 @@
 }
 ],
 "references": [
- {
- "url": "http://www.openwall.com/lists/oss-security/2023/11/28/3",
- "source": "security@apache.org"
- },
 {
 "url": "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn",
 "source": "security@apache.org"
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4664.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4664.json
index cbc23bc8582..5be39aba641 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4664.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4664.json
@@ -1,9 +1,9 @@
 {
 "id": "CVE-2023-4664",
- "sourceIdentifier": "cve@usom.gov.tr",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2023-09-15T09:15:08.230",
- "lastModified": "2023-09-20T16:41:57.087",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-30T09:15:07.313",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -17,7 +17,7 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "nvd@nist.gov",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -37,30 +37,30 @@
 "impactScore": 5.9
 },
 {
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "LOW",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "LOW",
- "availabilityImpact": "NONE",
- "baseScore": 7.1,
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
 "baseSeverity": "HIGH"
 },
 "exploitabilityScore": 2.8,
- "impactScore": 4.2
+ "impactScore": 5.9
 }
 ]
 },
 "weaknesses": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "description": [
 {
@@ -91,7 +91,7 @@
 "references": [
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0535",
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "tags": [
 "Third Party Advisory"
 ]
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json
index 8b08a33447d..9ce300be0f6 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json
@@ -1,8 +1,8 @@
 {
 "id": "CVE-2023-4702",
- "sourceIdentifier": "cve@usom.gov.tr",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2023-09-14T20:15:12.373",
- "lastModified": "2023-09-29T14:15:10.953",
+ "lastModified": "2023-11-30T09:15:07.560",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -17,11 +17,11 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
@@ -29,12 +29,12 @@
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
- "availabilityImpact": "NONE",
- "baseScore": 9.1,
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
 "baseSeverity": "CRITICAL"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 5.2
+ "impactScore": 5.9
 },
 {
 "source": "nvd@nist.gov",
@@ -60,7 +60,7 @@
 },
 "weaknesses": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "description": [
 {
@@ -101,7 +101,7 @@
 "references": [
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0526",
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "tags": [
 "Third Party Advisory"
 ]
diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49620.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49620.json
new file mode 100644
index 00000000000..19de92c308d
--- /dev/null
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49620.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-49620",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-11-30T09:15:07.227",
+ "lastModified": "2023-11-30T09:15:07.227",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with\u00a0unauthorized\u00a0access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this\u00a0vulnerability"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/dolphinscheduler/pull/10307",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/zm4t1ykj4cro1c8183q7y32z0yzfz8yj",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4972.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4972.json
index fdbf2e26c54..4af7e42d70a 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4972.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4972.json
@@ -1,9 +1,9 @@
 {
 "id": "CVE-2023-4972",
- "sourceIdentifier": "cve@usom.gov.tr",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2023-09-14T20:15:13.403",
- "lastModified": "2023-11-04T01:56:59.300",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-30T09:15:07.753",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -17,24 +17,24 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "LOW",
- "availabilityImpact": "NONE",
- "baseScore": 8.2,
- "baseSeverity": "HIGH"
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 4.2
+ "impactScore": 5.9
 },
 {
 "source": "nvd@nist.gov",
@@ -60,7 +60,7 @@
 },
 "weaknesses": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "description": [
 {
@@ -101,7 +101,7 @@
 "references": [
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0526",
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "tags": [
 "Third Party Advisory"
 ]
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json
index 0af3a0e0165..ba2310060af 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json
@@ -1,9 +1,9 @@
 {
 "id": "CVE-2023-5045",
- "sourceIdentifier": "cve@usom.gov.tr",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2023-10-12T12:15:10.777",
- "lastModified": "2023-10-17T18:12:19.600",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-30T09:15:07.950",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -17,7 +17,7 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "nvd@nist.gov",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -37,30 +37,30 @@
 "impactScore": 5.9
 },
 {
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "availabilityImpact": "HIGH",
- "baseScore": 10.0,
+ "baseScore": 9.8,
 "baseSeverity": "CRITICAL"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 6.0
+ "impactScore": 5.9
 }
 ]
 },
 "weaknesses": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "description": [
 {
@@ -91,7 +91,7 @@
 "references": [
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0580",
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "tags": [
 "Third Party Advisory"
 ]
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json
index 69af066f5ef..9e87d654afa 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json
@@ -1,9 +1,9 @@
 {
 "id": "CVE-2023-5046",
- "sourceIdentifier": "cve@usom.gov.tr",
+ "sourceIdentifier": "iletisim@usom.gov.tr",
 "published": "2023-10-12T12:15:10.867",
- "lastModified": "2023-10-17T18:14:03.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-11-30T09:15:08.153",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -17,7 +17,7 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "nvd@nist.gov",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -37,30 +37,30 @@
 "impactScore": 5.9
 },
 {
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "availabilityImpact": "HIGH",
- "baseScore": 10.0,
+ "baseScore": 9.8,
 "baseSeverity": "CRITICAL"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 6.0
+ "impactScore": 5.9
 }
 ]
 },
 "weaknesses": [
 {
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "type": "Primary",
 "description": [
 {
@@ -91,7 +91,7 @@
 "references": [
 {
 "url": "https://www.usom.gov.tr/bildirim/tr-23-0581",
- "source": "cve@usom.gov.tr",
+ "source": "iletisim@usom.gov.tr",
 "tags": [
 "Third Party Advisory"
 ]
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6019.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6019.json
index 848177a730d..f00dffedfba 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6019.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6019.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-6019",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-11-16T17:15:08.830",
- "lastModified": "2023-11-29T18:15:07.390",
+ "lastModified": "2023-11-30T10:15:07.410",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -41,20 +41,20 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
+ "integrityImpact": "HIGH",
 "availabilityImpact": "HIGH",
- "baseScore": 9.1,
+ "baseScore": 9.8,
 "baseSeverity": "CRITICAL"
 },
 "exploitabilityScore": 3.9,
- "impactScore": 5.2
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/README.md b/README.md
index 4d4e6d0b98a..c015cd0aa86 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-30T09:00:18.598296+00:00 +2023-11-30T11:00:17.590698+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-30T08:15:07.273000+00:00 +2023-11-30T10:15:07.410000+00:00 ``` ### Last Data Feed Release
@@ -29,28 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231742 +231744 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `2` -* [CVE-2022-45135](CVE-2022/CVE-2022-451xx/CVE-2022-45135.json) (`2023-11-30T08:15:07.063`) -* [CVE-2023-49052](CVE-2023/CVE-2023-490xx/CVE-2023-49052.json) (`2023-11-30T07:15:08.177`) -* [CVE-2023-49077](CVE-2023/CVE-2023-490xx/CVE-2023-49077.json) (`2023-11-30T07:15:08.267`) -* [CVE-2023-49081](CVE-2023/CVE-2023-490xx/CVE-2023-49081.json) (`2023-11-30T07:15:08.723`) -* [CVE-2023-49095](CVE-2023/CVE-2023-490xx/CVE-2023-49095.json) (`2023-11-30T07:15:09.133`) -* [CVE-2023-49699](CVE-2023/CVE-2023-496xx/CVE-2023-49699.json) (`2023-11-30T07:15:09.543`) -* [CVE-2023-49700](CVE-2023/CVE-2023-497xx/CVE-2023-49700.json) (`2023-11-30T07:15:09.967`) -* [CVE-2023-49701](CVE-2023/CVE-2023-497xx/CVE-2023-49701.json) (`2023-11-30T08:15:07.273`) +* [CVE-2021-36806](CVE-2021/CVE-2021-368xx/CVE-2021-36806.json) (`2023-11-30T10:15:07.183`) +* [CVE-2023-49620](CVE-2023/CVE-2023-496xx/CVE-2023-49620.json) (`2023-11-30T09:15:07.227`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `7` -* [CVE-2023-48042](CVE-2023/CVE-2023-480xx/CVE-2023-48042.json) (`2023-11-30T07:15:07.920`) +* [CVE-2023-42502](CVE-2023/CVE-2023-425xx/CVE-2023-42502.json) (`2023-11-30T09:15:07.123`) +* [CVE-2023-4664](CVE-2023/CVE-2023-46xx/CVE-2023-4664.json) (`2023-11-30T09:15:07.313`) +* [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-11-30T09:15:07.560`) +* [CVE-2023-4972](CVE-2023/CVE-2023-49xx/CVE-2023-4972.json) (`2023-11-30T09:15:07.753`) +* [CVE-2023-5045](CVE-2023/CVE-2023-50xx/CVE-2023-5045.json) (`2023-11-30T09:15:07.950`) +* [CVE-2023-5046](CVE-2023/CVE-2023-50xx/CVE-2023-5046.json) (`2023-11-30T09:15:08.153`) +* [CVE-2023-6019](CVE-2023/CVE-2023-60xx/CVE-2023-6019.json) 
(`2023-11-30T10:15:07.410`) ## Download and Usage